Risk may be defined in a business environment as an event, situation or condition that may occur and if it occurs, will impact the ability of a business to achieve its desired objectives. Risk management involves (1) defining those events, situations or conditions and the potential impact to the business, customers and the like; (2) the ability to detect those defined events when they occur; (3) when detected, executing a pre-defined set of actions to minimize negative impacts based upon the level of threat and customer impact of mitigation alternatives (e.g., risk mitigation, prevention and the like); and (4) when unable to prevent a risk event from negatively impacting, executing a set of actions to recover all or part of the loss. In some cases, recovery includes supporting the legal process in criminal prosecution and civil actions.
In the financial world, risk management is necessary in various aspects of the business. Financial institutions manage various forms of risk. One such risk is credit risk, which is a risk related to the inability of a customer, client or other party to meet its repayment or delivery obligations under previously agreed upon terms and conditions. Credit risk can also arise from operational failures that result in an advance, commitment or investment of funds. Another financial risk is market risk, the risk that values of assets and liabilities or revenues will be adversely affected by changes in market conditions, such as market movements or interest rates. Additional forms of risk are financial unlawful acts, including fraud. Fraud involves the use of another person's or company's identity or financial accounts without their permission for the purpose of financial gain. Examples of fraud include identity theft, mass compromises, phishing, account takeover, counterfeit debit or credit cards, etc.
Financial institution fraud, otherwise referred to as bank fraud, is a term used to describe the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution and/or the financial institution's customers. While the specific elements of a particular banking fraud law vary between jurisdictions, the term “bank fraud” applies to actions that employ a scheme or artifice. For this reason, bank fraud is sometimes considered a white collar crime. Examples of bank fraud include, but are not limited to, check kiting, money-laundering, payment/credit-card fraud, and ancillary frauds such as identification theft, phishing and Internet fraud and the like.
In addition to bank fraud, other financial institution business activity may rise to the level of suspicious activity that may be associated with other unlawful activities. In this regard, the suspicious activity, if identified, may be instrumental in identifying perpetrators, the location of perpetrators or other information pertinent to unlawful activity, such as telephone numbers, Internet Protocol (IP) addresses and the like. These suspicious activities may include, but are not limited to, bank transactions, such as deposits, withdrawals, loan transactions and the like; credit card transactions; online banking activity such as compromised online banking IDs and the like; electronic commerce activity; call center activity and the like. Additionally suspicious activity may be determined from data related to computer security violators (i.e., hackers), fraudulent telephone calls, and entities associated with divisive computer programs (e.g., viruses, trojans, malware and the like) and the like.
In many instances, financial institutions have difficulty identifying ongoing bank fraud or other nefarious activities until the fraud has escalated to a level that has serious negative financial impact. Further, by the time a defrauded financial institution discovers the fraudulent activity, the perpetrator has oftentimes moved on to another financial institution. In some instances, in addition to moving on to a different financial institution, the perpetrator moves on to a different scheme using a different financial product. For example, if a particular perpetrator commits checking fraud against a savings bank, then the savings bank, upon discovering the fraud, will likely report the checking fraud to an organization that collects data on checking fraud. However, if the same perpetrator later attempts to commit credit-card fraud against a credit-card institution, the credit-card institution will be unaware of the perpetrator's previous act of checking fraud.
Risk assessments in the credit realm are undertaken to determine if a customer or a potential customer is credit-worthy, i.e., if credit should be extended or curtailed. Currently such risk or credit assessments are conducted by credit bureaus. However, credit bureaus are limited in the information that they have access to in making such assessments. Specifically, credit bureau information is limited to credit related information, such as extended credit lines, payment history, and the like. Absent from the credit bureau determination is other meaningful financial information, such as transactional information that assesses a customer's activities, for example, checking transactions, credit/debit card transactions, Automated Teller Machine (ATM) deposits/withdrawals, cash advances and the like. Also absent from the credit bureau determination are information regarding the assets the customer has, such as deposit and investment account balances and the like. In addition to assessing risk when credit is issued, a need exists to assess risks throughout the entire credit lifecycle including, but not necessarily limited to, credit distribution, repayment of credit and the like.
Therefore, from a credit risk assessment perspective, a need exists to develop a system that is not limited to assessing credit-worthiness based solely on credit information, and in some instances, additional account information. The desired system should provide for assessing a customer's activity in terms of their transaction data, across multiple financial institutions and multiple products within the financial institutions, as well as non-financial institution information, in order to obtain a comprehensive picture of a customer's transaction history, as well as historical activities, in order to accurately assess the customer's current activities. From a fraud risk perspective, a need exists to monitor and otherwise identify individuals or other entities that are likely to commit fraud across multiple financial products, across multiple channels and across multiple financial institutions, as well as to identify when customers are being victimized by dishonest individuals.